On Wed, Oct 19, 2011 at 8:05 PM, Andreas Dick andudi@gmx.ch wrote:
On Wednesday, 19 October 2011, at 08.15:49, A.L.E.C wrote:
On 18.10.2011 22:17, Andreas Dick wrote:
security error: content at http://realserver.ch/roundcube/ is not allowed to load data from http://niceurl.ch/
// X-Frame-Options HTTP header value sent to prevent from Clickjacking.
// Possible values: sameorigin|deny. Set to false in order to disable sending them
$rcmail_config['x_frame_options'] = 'sameorigin';
thanks ALEC! this was the problem... I did not understand this feature, now I do :-)
Andreas
Just adding my two cents here:
We need to figure out more ways to effectively prevent clickjacking.
Is running RoundCube in a frame a huge feature for you guys? Because it opens the gates for all kinds of abuse.
Till
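
Why the frame in this thread was blocked, as an added example that is not part of the original messages or of Roundcube's code: a small model of how a browser applies the X-Frame-Options value to a framed page and its ancestor frames. The function names and the `ancestors` parameter are hypothetical, and the URLs other than the two from the thread are constructed.

```javascript
// Added example: models the browser-side X-Frame-Options decision.
// framingAllowed() and its "ancestors" parameter are hypothetical names.

// xFrameOptions: the value Roundcube sends ('sameorigin', 'deny', or false = no header)
// framedUrl:     URL of the page sending the header
// ancestors:     URLs of the frames containing it, innermost parent first
function framingAllowed(xFrameOptions, framedUrl, ancestors) {
  // A top-level page is not framed, so the header has nothing to block.
  if (ancestors.length === 0) return true;
  // With x_frame_options set to false no header is sent at all.
  if (xFrameOptions === false || xFrameOptions == null) return true;

  const value = String(xFrameOptions).trim().toLowerCase();
  if (value === 'deny') return false;

  if (value === 'sameorigin') {
    const framedOrigin = new URL(framedUrl).origin;
    // Origin = scheme + host + port; every ancestor has to match,
    // so a same-origin parent nested inside a foreign page is still blocked.
    return ancestors.every((a) => new URL(a).origin === framedOrigin);
  }
  // Values other than sameorigin|deny are treated here as "no restriction".
  return true;
}

// Constructed cases built around the two URLs from the thread.
function demoCases() {
  const rc = 'http://realserver.ch/roundcube/';
  return [
    ['sameorigin', rc, ['http://niceurl.ch/']],
    ['sameorigin', rc, ['http://realserver.ch/portal/']],
    ['sameorigin', rc, ['http://realserver.ch/portal/', 'http://niceurl.ch/']],
    ['sameorigin', rc, ['https://realserver.ch/portal/']],
    ['deny', rc, ['http://realserver.ch/portal/']],
    [false, rc, ['http://niceurl.ch/']],
  ].map(([xfo, url, anc]) => ({ xfo, ancestors: anc, allowed: framingAllowed(xfo, url, anc) }));
}

console.log(demoCases());
```

Only the last case, with the header disabled, lets the foreign site frame the webmail, which is the clickjacking exposure the setting exists to close.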